ruby-sslyze 0.2.1 → 1.0.0

data/lib/sslyze/version.rb

@@ -1,4 +1,4 @@
 module SSLyze
   # ruby-sslyze version
-  VERSION = "0.2.1"
+  VERSION = '1.0.0'
 end

data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb}

@@ -1,9 +1,11 @@
 module SSLyze
-  class Certificate
+  module X509
     #
     # Represents a domain name pattern.
     #
-    class DomainName
+    # @since 1.0.0
+    #
+    class Domain
 
       # The subject name.
       #
@@ -43,7 +45,7 @@ module SSLyze
       # @return [Boolean]
       #
       def ==(other)
-        @name == other.name
+        other.kind_of?(self.class) && @name == other.name
       end
 
       #

data/lib/sslyze/x509/extension.rb

@@ -0,0 +1,15 @@
+require 'delegate'
+
+module SSLyze
+  module X509
+    #
+    # Wraps around an [OpenSSL::X509::Extension][1] object.
+    #
+    # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Extension
+    #
+    # @since 1.0.0
+    #
+    class Extension < SimpleDelegator
+    end
+  end
+end

data/lib/sslyze/x509/extension_set.rb

@@ -0,0 +1,140 @@
+require 'sslyze/x509/extensions'
+
+module SSLyze
+  module X509
+    #
+    # Provides a Hash-like interface around an Array of
+    # [OpenSSL::X5095::Extension][1]s.
+    #
+    # [1]: http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Extension
+    #
+    # @since 1.0.0
+    #
+    class ExtensionSet
+
+      include Enumerable
+
+      #
+      # Initializes the X509 extension set.
+      #
+      # @param [Array<OpenSSL::X509::Extension>] extensions
+      #   The array of extensions.
+      #
+      def initialize(extensions)
+        @extensions = Hash[extensions.map { |ext|
+          [ext.oid, ext]
+        }]
+      end
+
+      #
+      # Enumerates over the X509 extensions in the set.
+      #
+      # @yield [extension]
+      #
+      # @yieldparam [OpenSSL::X509::Extension] extension
+      #
+      # @return [Enumerator]
+      #
+      def each(&block)
+        @extensions.each_value(&block)
+      end
+
+      #
+      # Determines if the X509 extension exists in the set.
+      #
+      # @param [String] oid
+      #
+      # @return [Boolean]
+      #
+      def has?(oid)
+        @extensions.has_key?(oid)
+      end
+
+      #
+      # Looks up the X509 extension with the given name.
+      # @param [String] oid
+      #
+      # @return [OpenSSL::X509::Extension]
+      #
+      def [](oid)
+        @extensions[oid]
+      end
+
+      #
+      # Converts the X509 extension set to an Array.
+      #
+      # @return [Array<OpenSSL::X509::Extension>]
+      #
+      def to_a
+        @extensions.values
+      end
+
+      #
+      # The `basicConstraints` extension.
+      #
+      # @return [Extensions::BasicConstraints, nil]
+      #
+      def basic_constraints
+        @basic_constraints ||= if (ext = self['basicConstraints'])
+                                 Extensions::BasicConstraints.new(ext)
+                               end
+      end
+
+      #
+      # The `certificatePolicies` extension.
+      #
+      # @return [Extensions::CertificatePolicies, nil]
+      #
+      def certificate_policies
+        @certificate_policies ||= if (ext = self['certificatePolicies'])
+                                    Extensions::CertificatePolicies.new(ext)
+                                  end
+      end
+
+      #
+      # The `crlDistributionPoints` extension.
+      #
+      # @return [Extensions::CRLDistributionPoints, nil]
+      #
+      def crl_distribution_points
+        @crl_distribution_points ||= if (ext = self['crlDistributionPoints'])
+                                       Extensions::CRLDistributionPoints.new(ext)
+                                     end
+      end
+
+      #
+      # The `extendedKeyUsage` extension.
+      #
+      # @return [Extensions::ExtendedKeyUsage, nil]
+      #
+      def extended_key_usage
+        @extended_key_usage ||= if (ext = self['extendedKeyUsage'])
+                                  Extensions::ExtendedKeyUsage.new(ext)
+                                end
+      end
+
+      #
+      # The `keyUsage` extension.
+      #
+      # @return [Extensions::KeyUsage, nil]
+      #
+      def key_usage
+        @key_usage ||= if (ext = self['keyUsage'])
+                         Extensions::KeyUsage.new(ext)
+                       end
+      end
+
+      #
+      # The `subjectAltName` extension.
+      #
+      # @return [Extensions::SubjectAltName, nil]
+      #
+      def subject_alt_name
+        @subject_alt_name ||= if (ext = self['subjectAltName'])
+                                Extensions::SubjectAltName.new(ext)
+                              end
+      end
+
+    end
+  end
+end

data/lib/sslyze/x509/extensions.rb

@@ -0,0 +1,6 @@
+require 'sslyze/x509/extensions/basic_constraints'
+require 'sslyze/x509/extensions/certificate_policies'
+require 'sslyze/x509/extensions/crl_distribution_points'
+require 'sslyze/x509/extensions/extended_key_usage'
+require 'sslyze/x509/extensions/key_usage'
+require 'sslyze/x509/extensions/subject_alt_name'

data/lib/sslyze/x509/extensions/basic_constraints.rb

@@ -0,0 +1,41 @@
+require 'sslyze/x509/extension'
+
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `basicConstraints` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class BasicConstraints < Extension
+
+        #
+        # The value of the `CA` constraint.
+        #
+        # @return [Boolean, nil]
+        #
+        def ca?
+          if    value.include?('CA:TRUE') then true
+          elsif value.include?('CA:FALSE') then false
+          end
+        end
+
+        #
+        # The value of the `pathlen` constraint.
+        #
+        # @return [Integer, nil]
+        #
+        def path_length
+          @path_length ||= if (match = value.match(/pathlen:(\d+)/))
+                             match[1].to_i
+                           end
+        end
+
+        alias path_len path_length
+        alias pathlen path_length
+
+      end
+    end
+  end
+end

data/lib/sslyze/x509/extensions/certificate_policies.rb

@@ -0,0 +1,108 @@
+require 'sslyze/x509/extension'
+
+require 'uri'
+
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `certificatePolicies` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class CertificatePolicies < Extension
+
+        #
+        # Represents an individual certificate policy.
+        #
+        class Policy
+
+          # @return [String]
+          attr_reader :policy
+
+          # @return [URI::Generic, nil]
+          attr_reader :cps
+
+          # @return [String, nil]
+          attr_reader :user_notice
+
+          #
+          # Initializes the policy.
+          #
+          # @param [String] policy
+          #   The policy text.
+          #
+          # @param [Hash{Symbol => Object}] qualifiers
+          #
+          # @option qualifiers [URI::Generic, nil] :cps
+          #   The CPS URI.
+          #
+          # @option qualifiers [String, nil] :user_notice
+          #   The user notice.
+          #
+          def initialize(policy,qualifiers={})
+            @policy = policy
+
+            @cps         = qualifiers[:cps]
+            @user_notice = qualifiers[:user_notice]
+          end
+
+          alias to_uri cps
+          alias to_s policy
+
+        end
+
+        include Enumerable
+
+        #
+        # Parses the individual policies listed in the extension's value.
+        #
+        # @return [Array<Policy>]
+        #
+        def policies
+          # XXX: ugly multiline regexp to parse the certificate policies and
+          # their qualifiers.
+          @policies ||= value.scan(/^Policy: [^\n]+\n(?:  [^:]+: [^\n]+\n)*/m).map do |text|
+            policy = text.match(/^Policy: ([^\n]+)/)[1]
+
+            cps = if (match = text.match(/^  CPS: ([^\n]+)/m))
+                    URI.parse(match[1])
+                  end
+
+            user_notice = if (match = text.match(/^  User Notice: ([^\n]+)/m))
+                            match[1]
+                          end
+
+            Policy.new(policy, cps: cps, user_notice: user_notice)
+          end
+        end
+
+        #
+        # The number of certificate policies.
+        #
+        # @return [Integer]
+        #
+        def length
+          policies.length
+        end
+
+        #
+        # Enumerates over every certificate policy in the extension.
+        #
+        # @yield [policy]
+        #   The given block will be passed each parsed policy.
+        #
+        # @yieldparam [Policy] policy
+        #   A parsed certificate policy.
+        #
+        # @return [Enumerator]
+        #   If no block is given, an Enumerator will be returned.
+        #
+        def each(&block)
+          policies.each(&block)
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/x509/extensions/crl_distribution_points.rb

@@ -0,0 +1,47 @@
+require 'sslyze/x509/extension'
+
+require 'uri'
+
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `crlDistributionPoints` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class CRLDistributionPoints < Extension
+
+        include Enumerable
+
+        #
+        # All `URI:` values.
+        #
+        # @return [Array<URI::Generic>]
+        #   All parsed `URI:` values from within the extension value.
+        #
+        def uris
+          @uris ||= value.scan(/URI:(.+)/).map { |(uri)| URI.parse(uri) }
+        end
+
+        #
+        # Enumerates over each {#uris uri} value within the
+        # `crlDistributionPoiints` extension.
+        #
+        # @yield [uri]
+        #   The given block will be passed each CRL URI.
+        #
+        # @yieldparam [URI::Generic] uri
+        #   A parsed `URI:` value from within the extension value.
+        #
+        # @return [Enumerator]
+        #   If no block is given, an Enumerator will be returned.
+        #
+        def each(&block)
+          uris.each(&block)
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/x509/extensions/extended_key_usage.rb

@@ -0,0 +1,58 @@
+require 'sslyze/x509/extension'
+
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `extendedKeyUsage` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class ExtendedKeyUsage < Extension
+
+        include Enumerable
+
+        #
+        # The allowed extended key uses.
+        #
+        # @return [Array<String>]
+        #
+        def uses
+          @uses ||= value.split(', ')
+        end
+
+        #
+        # Enumerates over the allowed extended key uses.
+        #
+        # @yield [use]
+        #
+        # @yieldparam [String] use
+        #
+        # @return [Enumerator]
+        #
+        def each(&block)
+          uses.each(&block)
+        end
+
+        #
+        # Determines if TLS Web Server Authentication is allowed.
+        #
+        # @return [Boolean]
+        #
+        def tls_web_server_authentication?
+          uses.include?('TLS Web Server Authentication')
+        end
+
+        #
+        # Determines if TLS Web Client Authentication is allowed.
+        #
+        # @return [Boolean]
+        #
+        def tls_web_client_authentication?
+          uses.include?('TLS Web Client Authentication')
+        end
+
+      end
+    end
+  end
+end